Yes, that is the sense of FOSS, freedom and developement of new shared scripts, but not necessarily security or privacy for the normal user, this depends solely on the developer himself and his intentions and on the support of an active community. A simple user does not have the possibility to find out if this software is safe or that it spies on him even if he has the code, which can have millions of lines. More dangerous if it is neglected or even abandoned software, since hackers also have access to the script and it is easy for them to inject malicious code, as has already happened with some FOSS.

FOSS security depends heavily on a strong support from its devs and an active user community, if not, bad business, privacy is also debatable, most of the APIs of Google, Amazon, Meta, MS are FOSS and included by default in a lot of scripts of the other FOSS, GitHub itself, where are the mayor amount of FOSS is proprietary and owned by Microsoft.

FOSS, ever since big corporations got into it, has been quite distorted in its original meaning. Many products rely on the expertise of good devs to gut them out of the crap these corporations have injected, that is if the devs bother. So be careful with the statements about FOSS = Safe and Private, maybe for good devs which can audit it, but not so much for the normal user